<?php

	error_reporting(0);
	session_start();
	error_reporting(1);

	require_once "../PinSQL.obj" ;
	$pinSQL = new PinSQL();
	
	$type = $_POST['type'];
	require_once "Gallery_new.obj";
	include "setupGallery.php"; //creates a $gallery object which we can use for table names and other specifics
	
	// deal with the comments
	$itemID = $_POST["itemid"];
	
	$result = mysql_query("SELECT * FROM $gallery->dataTable WHERE id='$itemID'") or die(mysql_error());
	
	$comment = $_POST["comment"];
	$visitor = $_SESSION['username'];
	$email = $_SESSION['email'];
	$comment_safe = addslashes($comment); // comment with ' replaced by \' for MySQL query
  
  if ($comment != "")
  {
     mysql_query("INSERT INTO $gallery->commentsTable
     (itemid, visitor, email, comment)
     VALUES('$itemID',
     '$visitor',
     '$email',
     '$comment_safe') ")
     or die(mysql_error());
     
	// RSS
	if ( isset($_SESSION['username']) )
	{
		$user = $_SESSION['username'];	
	} else {
		$user = '[guest]';	
	}
     
	mysql_query("INSERT INTO activity
	(event_type, by_user, param_1, param_long, url_1)
	VALUES('new-$gallery->galleryItemName-comment', '$user', '$itemID', '$comment_safe',
	'/common/gallery/portal_$gallery->galleryType.php?dest=$itemID') ")
	or die(mysql_error());
	
		// email notification
		$realname = $pinSQL->GetUserField($user, "firstname") . " " . $pinSQL->GetUserField($user, "lastname");
		if ($realname == " ")
			$realname = $user;
		$touser = $pinSQL->GetMediaField($gallery->dataTable, $itemID, "artist");
		$subject = "$realname commented on your $gallery->galleryItemName \"" . $pinSQL->GetMediaField($gallery->dataTable, $itemID, "name") . "\" on The Pin Project...";
		$messageEmail = "$realname wrote a comment on your $gallery->galleryItemName, \"" . $pinSQL->GetMediaField($gallery->dataTable, $itemID, "name") . ".\""
		. "\n\n\"" . $comment . "\""
		. "\n\n___________________________________"
		. "\nVisit the Pin Project: http://www.pinproject.com"
		. "\nYou are receiving this message because e-mail notifications are turned on. You can turn them off in your profile settings.";
		
		include "../../members/email_notify.php";
     
	include("gen_comments.php");
  }

  else
  {
      echo "\n<br><i>You did not comment.</i><br>";
      include("gen_comments.php");
  }
  
  mysql_close();

?>